UK introduces strict online safety rules for tech firms

As the Online Safety Act takes effect, tech companies operating in the UK face the new legal requirement to demonstrate compliance with Ofcom's illegal content codes. These mandates, introduced today, are designed to foster safer digital spaces by obligating social media platforms to identify and expeditiously remove illegal content, such as child sexual abuse material. This marks a significant shift from a reactive protocol to a proactive approach in online safety.

Mark Jones, a partner at Payne Hicks Beach, elaborated on the significance of the initial deadline: "Tech companies must have completed their illegal harms risk assessments," he noted, adding, "it's insufficient to merely conduct these assessments; companies must actively engage in strategies to combat illegal content." Ofcom has provided comprehensive guidance to assist companies in this process, outlining expectations for risk profiles and other necessary components.

Non-compliance with the Online Safety Act could result in severe financial penalties, with Ofcom empowered to fine companies up to GBP £18 million or 10% of their global revenues, depending on which is greater. In cases of serious violations, Ofcom could even seek court orders to block sites within the UK altogether.

Terry Green, a partner at Katten Muchin Rosenman UK, highlights the legislation's broader implications: "This marks an unprecedented change in UK online safety," he remarked, pointing to the formidable expectations placed on service providers. The act currently mandates an assessment of 17 types of risk and the implementation of over 40 measures. Future phases are poised to address child safety, adult content, and broader protections for women and girls, indicative of a growing regulatory burden for these digital platforms.

The enforcement of this rigorous framework is not limited to major players alone. Ofcom has already launched enforcement initiatives targeting smaller service providers, particularly those associated with file-sharing and storage, in an effort to curb the dissemination of child sexual abuse material. This underscores the regulatory body's commitment to holding all digital service providers accountable, regardless of their size.

Key requirements under the act include appointing a designated individual responsible for online safety compliance, and ensuring company terms of service are easily accessible and understandable to users. Additionally, platforms where users connect with each other must protect children by obscuring their profiles and preventing unsolicited messages from unknown accounts. Similarly, measures are put in place to empower users, particularly women and girls, to block or mute harassing entities and mandate the removal of non-consensual intimate images.

The onset of the Online Safety Act represents a pivotal moment for digital regulation in the UK. With service providers under scrutiny not just for their immediate compliance but also for their systems' long-term efficacy, the expectation is for swift, impactful changes in online safety measures. As Mark Jones aptly pointed out, whether Ofcom opts for informal guidance or more forceful enforcement will depend heavily on how companies respond in the coming months.

The robust stance taken by Ofcom reflects a deep commitment to secure the digital landscape, ensuring it is safe not only for the current users but future generations, thereby setting a precedent for regulatory practices worldwide.